New Ways to Address Modern Privacy Challenges
The last 12 months have been busy ones for IronCore with new products, new features, major leaps in performance, usability, and more.
If you’re like us, you may find it hard to look away from the torrent of news these days. Amidst the whirlwind that is 2020, we want to step back and recap the progress we’ve made with our product line over the past year.
New Product Names
We’ve recently changed the names of some of our core products to acknowledge that they’ve grown beyond their original use cases with new features.
Data Control Platform
Our zero-knowledge SDKs, which support cryptography-based access controls, and which we used to call our end-to-end encryption toolkit, are now components of the Data Control Platform. We made this change for a few reasons, but one of them is that while fundamentally what we do is powered by cryptography, we also go beyond that. For example, we have a strong emphasis on audit trails, data management policies, and other aspects that give data owners control of their data.
![Image for post](https://i-blog.csdnimg.cn/blog_migrate/c041098d9b24d60ec7960139f27531d5.png)
In addition to the client-side use cases you commonly think of in end-to-end encryption scenarios, we also support server-side encryption and decryption, and mixes of the two. By expanding the scope of the name, we hope people will consider broader use cases where they want to tightly manage and secure data.
SaaS Shield™️
Our Customer Managed Keys for SaaS product is now known as SaaS Shield. As with our core platform, we’ve expanded the product’s functionality. We support customer-held encryption keys, and we’ll soon release support for near-real-time streaming of logs to SaaS customers’ security logging infrastructure. This log stream will first include data access events but will soon be joined by other events that are interesting for security and compliance reasons, such as changes to users, groups, and permissions.
Data Control Policies and Editor
One common use of our Data Control Platform is to make sure that only specific users and systems can see particular classes of information. At the core, we do this with public key cryptography and groups. But it can be cumbersome to manage groups in more complex systems. So we released our initial version of policies last year.
![Image for post](https://i-blog.csdnimg.cn/blog_migrate/7dfcc27e3ca956d71bf8b07133daecc7.png)
Data control policies allow you to tag data with a sensitivity level (customizable, but for example, low/medium/high or public/private/restricted) and a category (also customizable, but for example, HR/Finance/Legal/Health).
And you can then determine which sets of users (employees or even customers) should be able to access each of the combinations of sensitivity and category.
Until recently, setting up these policy rules meant handwriting configuration files. We’re pleased to announce that we now have a graphical policy editor for administrators to create and maintain their data policies.
![Image for post](https://i-blog.csdnimg.cn/blog_migrate/eb87915dbe0cd956276623f58f569ad2.png)
Encrypted Field Search
![Image for post](https://i-blog.csdnimg.cn/blog_migrate/81c570df712132cfbfe2e8d4ed1a10ae.png)
In the Data Control Platform, IronCore now supports searching and filtering on encrypted data, including substring searches.
This is a huge deal.
One of the most common things that we hear when we tell people they should be encrypting and controlling their data is a worry it will become useless. For example, encrypting a customer’s home address sounds great until there’s a business reason that requires someone to pull up the records of all customers who live in a particular city.
Previously, you needed to maintain a separate index to look records up by a particular attribute (which could leak a lot of sensitive data), or to pull in all the records and decrypt and filter them in the client. Now the search and filter operations can happen on the server without the server seeing any unencrypted data.
This feature is useful specifically for searching on fields that typically hold small amounts of data (roughly ranging from a word to a paragraph in size). IronCore does not yet support a secure encrypted search method for larger text sizes such as full document search.
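One common way to get server-side substring search over short encrypted fields is a blind index of keyed trigram hashes. The sketch below is an added example, not IronCore's code, and the page does not say which scheme the product uses; all names are hypothetical, the keys and addresses are constructed, and `toy_crypt` stands in for a real authenticated cipher.

```python
import hashlib
import hmac
import secrets

INDEX_KEY, DATA_KEY = b"constructed-index-key", b"constructed-data-key"  # client-side only

def normalise(text):
    return " ".join(text.lower().split())

def trigrams(text):
    norm = normalise(text)
    if len(norm) < 3:  # an empty token set would match every row
        raise ValueError("query needs at least 3 characters")
    return {norm[i:i + 3] for i in range(len(norm) - 2)}

def blind_tokens(text):
    """Keyed hash per trigram; without INDEX_KEY tokens cannot be inverted or forged."""
    return {hmac.new(INDEX_KEY, g.encode(), hashlib.sha256).digest()[:8] for g in trigrams(text)}

def toy_crypt(nonce, data):
    """Stand-in for a real AEAD cipher (XOR with a SHAKE-256 keystream); demo only."""
    stream = hashlib.shake_256(DATA_KEY + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class Server:
    """Holds ciphertext and blind tokens only; never receives plaintext or keys."""
    def __init__(self):
        self.rows = {}
    def put(self, row_id, nonce, ciphertext, tokens):
        self.rows[row_id] = (nonce, ciphertext, tokens)
    def search(self, query_tokens):  # rows whose token set contains every query token
        return sorted(r for r, row in self.rows.items() if query_tokens <= row[2])

def client_store(server, row_id, plaintext):
    nonce = secrets.token_bytes(16)
    server.put(row_id, nonce, toy_crypt(nonce, plaintext.encode()), blind_tokens(plaintext))

def client_search(server, query):
    """Returns (server candidates, matches confirmed by local decrypt-and-check)."""
    candidates = server.search(blind_tokens(query))
    plain = lambda r: toy_crypt(*server.rows[r][:2]).decode()
    return candidates, [r for r in candidates if normalise(query) in normalise(plain(r))]

def demo():
    server = Server()
    rows = ["12 Main St, Boulder CO", "9 Pine Rd, Denver CO", "7 Boulevard Mulde, Wilder"]
    for rid, addr in enumerate(rows, start=1):  # constructed sample addresses
        client_store(server, rid, addr)
    return client_search(server, "Boulder")
```

Row 3 shares every trigram of the query without containing it, which is why the client re-checks candidates after decrypting. The server still learns which rows share tokens and which rows match a given query, so a blind index trades some pattern leakage for searchability.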
Expanded Language and Platform Support
Our goal is for there to be zero excuses for not tightly controlling and securing private data. We think this is how modern applications should be built and we want this to be available to everyone, everywhere.
In doing this, you shouldn’t have to trust us. That means we, IronCore Labs, should never have access or the ability to access anyone’s private data. We never see plaintext data or private keys, which means that all encrypt and decrypt operations happen on client devices or inside our customers’ infrastructure. Consequently, we must support a variety of platforms and languages.
We’ve worked hard to build broad support. We’ve invested a tremendous amount of time, money, and energy to make our libraries portable. Below is our current support list. If your preferred language or platform isn’t listed below, talk to us.
Data Control Platform Language Support
In the past year we’ve expanded our language support so that we now support all of these languages:
- Rust
- Java
- Scala
- TypeScript
- JavaScript
- C++
- Swift (beta)
And we support the following platforms:
- Web Browser (with WebAssembly)
- NodeJS
- macOS native
- Linux native
- Windows native
- Android native
- iOS native (beta)
SaaS Shield Language Support
SaaS Shield is a server-side encrypt/decrypt solution that does not require the breadth of support needed by our Data Control Platform. However, any language and environment supported by the Data Control Platform could be supported by our SaaS Shield SDKs. Contact us if you’d like to request support for something not listed below.
Run-times:
- JVM
- NodeJS
We support TypeScript and JavaScript on NodeJS and also any JVM language including Java and Scala. These should work on any platform, but we specifically test for and support Linux server environments.
Seamless Private Key Rotation
With IronCore’s Data Control Platform, it’s always been easy to rotate device keys and user keys when data is encrypted to groups instead of directly to users. Using our multiparty-computation for users and groups, we are now able to rotate the private keys for users even if data is encrypted directly to them, without needing to change already encrypted data.
One key driver of this functionality is the chicken and egg problem often faced in end-to-end encryption systems: how can we encrypt data to a person who hasn’t yet generated their keys?
This problem is particularly bedeviling when the goal is to encrypt the data of millions of consumers, where each consumer’s data is encrypted to them and decryption rights are delegated from them back to the company in a revocable way. We call this our GDPR pattern and it works great, but until recently, we didn’t have a good way to import an existing repository of data and encrypt it all at once to users without existing keys.
Now we can.
With private key rotation, a server process can generate keys for a user, encrypt their data to the public key, and delegate decryption back to the company. The private key is encrypted and escrowed using a model that splits trust between IronCore and our customer.
This process leaves the users’ keys in a partially compromised state. The server systems have seen the private keys of these users, and if someone managed to capture those keys, then the users’ data is compromised. Note that at this point in time, the server can see the plain text, so we’re mostly concerned about future changes to the data.
Now, when a user first logs in, if their keys were generated for them, their private key is rotated. They can still access data previously encrypted to them, but any server that stored off their initial private key will find it useless.
All of this is done under the hood so the user doesn’t need to do anything special or even to know about the keys to keep their data safe.
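One way a private key can be rotated while the public key and existing ciphertext stay untouched, shown as an added example (not IronCore's code; the page does not describe its protocol). It assumes the private key is split additively into a user share and a service share, uses toy ElGamal parameters that are far too small for real use, and all names are hypothetical.

```python
import secrets

P = 2**127 - 1   # toy prime modulus (a Mersenne prime); not a secure parameter
G = 3            # base element for the toy group
ORDER = P - 1    # exponents are reduced mod P-1 (Fermat's little theorem)

def keygen():
    """Import-time key generation: user share a, service share b, public key G^(a+b)."""
    a, b = secrets.randbelow(ORDER), secrets.randbelow(ORDER)
    return a, b, pow(G, (a + b) % ORDER, P)

def encrypt(pub, m):
    k = secrets.randbelow(ORDER - 1) + 1
    return pow(G, k, P), (m * pow(pub, k, P)) % P

def partial(share, c1):
    """Each party applies only its own share; neither reconstructs the full private key."""
    return pow(c1, share, P)

def decrypt(user_share, service_share, ct):
    c1, c2 = ct
    mask = (partial(user_share, c1) * partial(service_share, c1)) % P
    return (c2 * pow(mask, -1, P)) % P

def rotate(user_share, service_share):
    """Shift a random delta between the shares; their sum, and so the public key, is unchanged."""
    delta = secrets.randbelow(ORDER - 1) + 1
    return (user_share - delta) % ORDER, (service_share + delta) % ORDER

def demo():
    a, b, pub = keygen()             # done by the import process before the user exists
    ct = encrypt(pub, 20200731)      # constructed message, encrypted before rotation
    a2, b2 = rotate(a, b)            # first login: shares are re-randomised
    return {
        "pub_unchanged": pow(G, (a2 + b2) % ORDER, P) == pub,
        "old_data_readable": decrypt(a2, b2, ct) == 20200731,
        "stale_share_useless": decrypt(a, b2, ct) != 20200731,
    }
```

The stale user share fails only because the service replaces its own share during rotation. Anyone who captured both pre-rotation shares still holds the full key, which is why the rotation should happen as early as the first login.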
Bonus Features
Performance
In the last year, we’ve put a lot of effort into performance for both SaaS Shield and the Data Control Platform.
For SaaS Shield, we moved our Tenant Security Proxy from NodeJS to Rust and saw a 60% speedup from that. We then added support for batch operations with automatic multi-threading on both the client and in the server.
We updated the Data Control Platform’s Rust library to add asynchronous interfaces and non-blocking I/O, so embedding applications can take advantage of the parallelization available in their tasks to achieve higher performance and throughput. Most of our SDKs derive from this library, so they provide similar opportunities for performance increases.
Finally, for the Data Control Platform, we added client-side caching of public keys so that large batch encrypt operations (such as on initial imports) can re-use public keys without making network calls. With cached keys and when run in threaded mode, our throughput is now about 10ms per encryption operation. We’ve also provided raw benchmark results and instructions on our libraries for how to run the benchmarks yourself.
Protobuf Support
We added support for protobufs in the Data Control Platform and a mechanism for classifying data within those protobufs. This dovetails with the policy features and allows the classification of data at a protobuf definition level.
Memory Protections
The recrypt library, which holds the encryption routines that underpin most of our products, gained memory protection techniques. On supported platforms, to the extent possible, we are able to prevent memory that holds private keys and plain text from being written to disk as part of memory swapping or core dumps. This better protects secrets that are only ever intended to be in memory briefly.
Looking back and looking forward
Reading through all these updates and new features, I’m excited by what we’ve accomplished. Our team spends a lot of time improving our products based on customer feedback, and it shows.
The Data Control Platform and SaaS Shield products are the answer to many modern data privacy challenges faced by software companies. As those challenges evolve, so does our product line. We’re committed to listening to our customers, learning from industry peers, and building a company and movement focused on making the world a safer place with data control.
If you are looking to up your data privacy game or to build your next application with privacy at the core, we’d like to hear from you. Let’s talk.
Translated from: https://blog.ironcorelabs.com/new-ways-to-address-modern-privacy-challenges-902223c8c35d